Exploit kits are one of the ever-present threats on the Internet, indiscriminately compromising users who are simply surfing websites. As ransomware has exploded, so has the proliferation of these exploit kits. This combination of ransomware, Tor, and Bitcoin has created a financially lucrative monster.
One of the challenges with investigating exploit kits is how quickly they move and pivot to other systems. For the last year, Talos has been systematically diving into each exploit kit, trying to find nuggets of gold in a sea of compromise. Thus far the results have been promising, with some extremely successful outcomes related to the Angler and Rig exploit kits specifically.
This talk will outline the process that was followed, what we found, and how we leveraged it to inflict damage on the users of these exploit kits. However, we are far from done. This talk will also reveal additional details around several other exploit kits and round out our year taking on exploit kits to inflict damage on the users. We will spend some time discussing how we’ve seen exploit kits change as a result of our published research and will conclude with some previously undisclosed details surrounding some of the exploit kits’ activities.
======
Nick Biasini’s interest in computers and technology started at a young age when he tore apart his parents’ brand-new 486SX PC. Ever since, he has been tinkering with computers in one way or another.
Nick started down the path of information systems in college and has spent his professional career working in information security. Nick has spent time in most roles in a SOC including analyst, engineer, and managing teams. Nick has a master’s degree in digital forensics from the University of Central Florida and has worked for government and private sector environments in his career.
In his time with Talos, Nick has researched a wide range of topics, including exploit kits and various malware campaigns being distributed through spam.